CVE-2023-40293
MEDIUMHarman Infotainment - Unauthenticated Command Injection via D-Bus RPC
Title source: llmDescription
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory
https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/
Scores
CVSS v3
6.8
EPSS
0.0030
EPSS Percentile
53.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
samsung/harman_infotainment
20190525031613
Published
Aug 14, 2023
Tracked Since
Feb 18, 2026